Share authtoken between "tabs"

I'd only just started looking into it before I left. Luckily it was straightforward and I implemented it yesterday. Held off until noon today to commit it though to respect the demo.

what is the status of this? Can we demo this next week?

So I was assuming we'd do this in local storage because we weren't passing it to the server via cookies and also I had a vague recollection that storage rather than cookies was standard practice for JWT.

Turns out there are a lot of recommendations of that because it protects against CSRF:
https://auth0.com/blog/angularjs-authentication-with-cookies-vs-token/

Of course if you take steps to mitigate the CSRF things might be different. An argument made by ...a place pushing a solution for mitigating CSRF:
https://stormpath.com/blog/where-to-store-your-jwts-cookies-vs-html5-web-storage

And JWT have their own limitations and security concerns so need to be used quite mindfully:
http://cryto.net/~joepie91/blog/2016/06/13/stop-using-jwt-for-sessions/

...at any rate, this wrapper makes indexdb potentially even more convenient than cookies for the immediate purpose so I'll do that for now and we can switch to cookies later if Kurt decides we should use those or other things change wrt auth.